Vulnerabilities > Orange > Arv7519Rw22 Livebox 2 1 Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-28 | CVE-2018-20577 | Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. | 9.1 |
2018-12-28 | CVE-2018-20576 | Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. | 5.4 |
2018-12-28 | CVE-2018-20575 | Improper Input Validation vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. | 7.5 |
2018-12-23 | CVE-2018-20377 | Unspecified vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. | 9.8 |